
Help..suspected malware


14 replies to this topic

#1 johncoins


Posted 05 May 2017 - 10:39 AM

I keep getting pop ups saying I'm infected... I don't click on any of the links...  and my computer is slow.

I think I am infected with something.. I ran windows defender and it comes up clean... What do I do???





#2 iMacg3


Posted 05 May 2017 - 11:33 AM

Download Farbar MiniToolBox and save the file to your desktop.

  1. Open MiniToolBox by right-clicking it and selecting Run as Administrator.

  2. Make sure the following options are checked and then click Go:

Report IE Proxy Settings

Report FF Proxy Settings

List content of Hosts

List IP configuration

List Winsock Entries

List last 10 Event Viewer log

List Installed Programs

List Devices (Don't change any settings here)

List Users, Partitions and Memory size

List Restore Points

  3. Paste the log file contents into a post.

Download Malwarebytes Anti-Malware from the provided link.

  1. Launch MBAM by clicking the .EXE file you downloaded.

  2. Run the installation wizard.

  3. Once complete, open MBAM and click Scan.

  4. Let the scan complete, then make sure all threats are selected and click Quarantine.

  5. Once done, go to History > Logs. Select the most recent Scan Log and paste its contents into a post.

 

 

Download ESET Online Scanner and save it to your desktop

 

  1. Double-click on the ESET Online Scanner icon to launch ESET.

  2. Click through the prompts and select “Enable detection of potentially unwanted applications.”

  3. Click “Scan” and let the tool run.

  4. Once done, click “Save to text file...”, save the file to your desktop, and paste the contents into a post.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#3 johncoins


Posted 05 May 2017 - 01:33 PM

Thank you for your quick reply, the Farbar is posted below.

MiniToolBox by Farbar  Version: 17-06-2016
Ran by john (administrator) on 05-05-2017 at 13:41:16
Running from "C:\Users\john\Downloads"
Microsoft Windows 8.1 with Bing  (X64)
Model: 19-2113w Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

There are 15463 entries.

========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)
Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter = Wi-Fi (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : pcname
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : attlocal.net

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : 12-10-B3-08-D2-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 60-02-92-1B-C3-26
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2602:306:ce00:7710::3e8(Preferred)
   Lease Obtained. . . . . . . . . . : Friday, May 5, 2017 1:35:30 PM
   Lease Expires . . . . . . . . . . : Sunday, June 4, 2017 1:35:30 PM
   IPv6 Address. . . . . . . . . . . : 2602:306:ce00:7710:6d70:f3d:6a3b:3f78(Preferred)
   Temporary IPv6 Address. . . . . . : 2602:306:ce00:7710:a9e5:804a:3dd1:ca88(Preferred)
   Link-local IPv6 Address . . . . . : fe80::6d70:f3d:6a3b:3f78%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.64(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Friday, May 5, 2017 1:35:25 PM
   Lease Expires . . . . . . . . . . : Saturday, May 6, 2017 1:35:25 PM
   Default Gateway . . . . . . . . . : fe80::3a3b:c8ff:fecb:3e35%4
                                       192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 156548855
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-CF-31-42-60-02-92-1B-C3-26
   DNS Servers . . . . . . . . . . . : 2602:306:ce00:7710::1
                                       82.163.143.157
                                       82.163.142.159
   NetBIOS over Tcpip. . . . . . . . : Enabled

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
   Physical Address. . . . . . . . . : 30-10-B3-08-D2-6B
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 4:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:1c84:2e55:3f57:febf(Preferred)
   Link-local IPv6 Address . . . . . : fe80::1c84:2e55:3f57:febf%6(Preferred)
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 318767104
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1B-CF-31-42-60-02-92-1B-C3-26
   NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.attlocal.net:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : attlocal.net
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  UnKnown
Address:  2602:306:ce00:7710::1

Name:    google.com
Addresses:  2607:f8b0:4002:c06::64
      172.217.11.142


Pinging google.com [2a00:1450:4009:806::200e] with 32 bytes of data:
Reply from 2a00:1450:4009:806::200e: time=128ms
Reply from 2a00:1450:4009:806::200e: time=126ms

Ping statistics for 2a00:1450:4009:806::200e:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 126ms, Maximum = 128ms, Average = 127ms
Server:  UnKnown
Address:  2602:306:ce00:7710::1

Name:    yahoo.com
Addresses:  2001:4998:c:a06::2:4008
      2001:4998:58:c02::a9
      2001:4998:44:204::a7
      206.190.36.45
      98.138.253.109
      98.139.183.24


Pinging yahoo.com [2001:4998:58:c02::a9] with 32 bytes of data:
Reply from 2001:4998:58:c02::a9: time=56ms
Reply from 2001:4998:58:c02::a9: time=56ms

Ping statistics for 2001:4998:58:c02::a9:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 56ms, Maximum = 56ms, Average = 56ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  5...12 10 b3 08 d2 6b ......Microsoft Wi-Fi Direct Virtual Adapter
  4...60 02 92 1b c3 26 ......Realtek PCIe GBE Family Controller
  3...30 10 b3 08 d2 6b ......Qualcomm Atheros AR9485 802.11b/g/n WiFi Adapter
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  7...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254     192.168.1.64     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link      192.168.1.64    276
     192.168.1.64  255.255.255.255         On-link      192.168.1.64    276
    192.168.1.255  255.255.255.255         On-link      192.168.1.64    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link      192.168.1.64    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link      192.168.1.64    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  4    276 ::/0                     fe80::3a3b:c8ff:fecb:3e35
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:9d38:6ab8:1c84:2e55:3f57:febf/128
                                    On-link
  4    276 2602:306:ce00:7710::/64  On-link
  4    276 2602:306:ce00:7710::3e8/128
                                    On-link
  4    276 2602:306:ce00:7710:6d70:f3d:6a3b:3f78/128
                                    On-link
  4    276 2602:306:ce00:7710:a9e5:804a:3dd1:ca88/128
                                    On-link
  4    276 fe80::/64                On-link
  6    306 fe80::/64                On-link
  6    306 fe80::1c84:2e55:3f57:febf/128
                                    On-link
  4    276 fe80::6d70:f3d:6a3b:3f78/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    276 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\WINDOWS\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (05/04/2017 02:35:05 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/04/2017 02:35:05 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/03/2017 02:37:09 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

Error: (05/03/2017 02:37:09 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)
Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service) (User: )
Description: The index cannot be initialized.


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.

Context: Windows Application


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application


Details:
    (HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.


Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)


System errors:
=============
Error: (05/05/2017 01:35:21 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:36:45 PM on 5/5/2017 was unexpected.

Error: (05/05/2017 10:54:30 AM) (Source: DCOM) (User: pcname)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/05/2017 10:54:00 AM) (Source: DCOM) (User: pcname)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/04/2017 03:16:21 PM) (Source: DCOM) (User: pcname)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/04/2017 02:28:47 PM) (Source: Microsoft-Windows-Kernel-Boot) (User: NT AUTHORITY)
Description: 32212260171181632

Error: (05/04/2017 02:29:11 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:54:24 PM on 5/4/2017 was unexpected.

Error: (05/04/2017 12:56:17 PM) (Source: DCOM) (User: pcname)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (05/04/2017 12:55:47 PM) (Source: DCOM) (User: pcname)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (05/03/2017 02:32:42 PM) (Source: DCOM) (User: pcname)
Description: 1053WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}

Error: (05/03/2017 02:32:42 PM) (Source: Service Control Manager) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053 = The service did not respond to the start or control request in a timely fashion.



Microsoft Office Sessions:
=========================
Error: (05/04/2017 02:35:05 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (05/04/2017 02:35:05 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (05/03/2017 02:37:09 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: WmiApRplWmiApRpl8F2030000E5050000

Error: (05/03/2017 02:37:09 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)
Description: Performance163707000000000000000000008F020000

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog


Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)
Search.TripoliIndexer

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application


Details:
    (HRESULT : 0x8e5e0210) (0x8e5e0210)
Search.TripoliIndexer

Error: (05/03/2017 02:32:40 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)
The catalog is corrupt


CodeIntegrity Errors:
===================================
  Date: 2017-03-23 14:09:27.371
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-23 14:09:24.730
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 00:07:37.512
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 00:07:34.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 00:07:30.384
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-03-09 00:07:25.765
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 12:12:07.421
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2017-02-13 12:12:05.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-21 09:59:36.407
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-21 09:59:34.673
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


=========================== Installed Programs ============================

4 Elements II (HKLM-x32\...\WTA-f5de10c1-b9b8-4303-b696-8056525e80f2) (Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 15.14 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1514-000001000000}) (Version: 15.14.00.0 - Igor Pavlov)
Adobe Flash Player 25 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 25.0.0.148 - Adobe Systems Incorporated)
Alcor Micro Generic Hub Filter Driver (HKLM-x32\...\{75503BAD-4FAE-46EE-8360-88E29F8717AF}) (Version: 1.5.0.8 - Alcor Micro Corp.) Hidden
Alcor Micro Generic Hub Filter Driver (HKLM-x32\...\AmUHubftr) (Version: 1.5.0.8 - Alcor Micro Corp.)
Azkend 2: The World Beneath (HKLM-x32\...\WTA-69b869ad-c88e-42bf-a11e-01ca53cd52b5) (Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (HKLM-x32\...\WTA-82e87465-d5db-4710-8cca-68366e2be9ca) (Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (HKLM-x32\...\WTA-aedefe61-f1a3-47b9-a246-37692bba908e) (Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (HKLM-x32\...\WTA-7c91e92d-40d6-4fd9-8913-29b528b96eda) (Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (HKLM-x32\...\WTA-e59f6ef6-dd80-4e78-a486-e256231d5d2e) (Version: 3.0.2.48 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Citrix Online Launcher (HKLM-x32\...\{DB014C85-A264-4BCA-A66F-6DD1FCF8EC36}) (Version: 1.0.335 - Citrix)
Curse at Twilight (HKLM-x32\...\WTA-351fbe14-5004-4713-9175-a60cd6daefcd) (Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.5.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3702 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3625 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3626 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (HKLM-x32\...\WTA-feaaa49f-9ad4-485b-87e7-6d2c8b077fd6) (Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (HKLM\...\{74FE39A0-FB76-47CD-84BA-91E2BBB17EF2}) (Version: 1.0.0 - Hewlett-Packard Company) Hidden
DNSUnlocker (HKLM\...\{E1527582-8509-4011-B922-29E3FB548882}_is1) (Version:  - )
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.1.1 (HKLM-x32\...\{19ABCFE2-7EED-11E3-B98A-00163E98E7D6}) (Version: 5.1.1.2334 - Evernote Corp.)
Farm Frenzy (HKLM-x32\...\WTA-21f95a13-82d7-47b2-b980-86acdb755f5c) (Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (HKLM-x32\...\WTA-fc667951-b05b-476b-a809-1a875620ae28) (Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (HKLM-x32\...\WTA-4111bf4d-f92a-4171-bdeb-0cc609520bc8) (Version: 3.0.2.51 - WildTangent) Hidden
Google Update Helper (HKLM-x32\...\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}) (Version: 1.3.21.169 - Google Inc.) Hidden
GoToMeeting 8.4.0.6871 (HKCU\...\GoToMeeting) (Version: 8.4.0.6871 - CitrixOnline)
Governor of Poker 2 Premium Edition (HKLM-x32\...\WTA-baac7316-9766-447e-a76e-bb8ee6789146) (Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (HKLM-x32\...\{6F340107-F9AA-47C6-B54C-C3A19F11553F}) (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Documentation (HKLM-x32\...\{8126E380-F9C6-4317-9CEE-9BBDDAB676E5}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 13.00.0000 - Hewlett-Packard)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3408 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1050 - Intel Corporation)
Jewel Match 3 (HKLM-x32\...\WTA-207335cf-65e2-4689-a99c-261e5cbee914) (Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (HKLM-x32\...\WTA-961f6ddf-4388-4ecb-9fc3-4b1d7b0ad421) (Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (HKLM-x32\...\WTA-0a0a0c13-3ec9-40a9-9cef-761ace312c80) (Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (HKLM-x32\...\WTA-af40e941-d6c3-48dc-b31e-07213f02d60f) (Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (HKLM-x32\...\WTA-2c66eb2c-4e61-4c49-9081-7ecad251831c) (Version: 2.2.0.98 - WildTangent) Hidden
MeadCo ScriptX Client Resource Kit (7.5.0.20) (HKLM-x32\...\{7299C8F4-CCFF-45B0-942F-3FB89A80617B}) (Version: 7.5.0 - Mead & Co Ltd.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 53.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 53.0 (x86 en-US)) (Version: 53.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 53.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Mystery P.I. - Curious Case of Counterfeit Cove (HKLM-x32\...\WTA-bda77dc8-43eb-4321-b5e4-68bf7c100f8e) (Version: 2.2.0.98 - WildTangent) Hidden
OpenOffice 4.1.3 (HKLM-x32\...\{EEA30AEB-8BA7-465B-85D4-098BB99733E7}) (Version: 4.13.9783 - Apache Software Foundation)
Opera Stable 38.0.2220.41 (HKLM-x32\...\Opera 38.0.2220.41) (Version: 38.0.2220.41 - Opera Software)
Peggle Nights (HKLM-x32\...\WTA-e5691c9f-7bef-4765-8e26-8c379a5e3f73) (Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (HKLM-x32\...\WTA-8c1678b4-09e9-4e6b-9ffa-5ad3911fdc95) (Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\{9B56B031-A6C0-4BB7-8F61-938548C1B759}) (Version: 1.4.0.1 - Pinger Inc.) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Plants vs. Zombies - Game of the Year (HKLM-x32\...\WTA-9acf687e-0847-4c8d-92ec-a987f089c14d) (Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (HKLM-x32\...\WTA-6424cdee-cd2c-42f1-9b1d-e9e0a8193c19) (Version: 3.0.2.59 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.23.1126.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7116 - Realtek Semiconductor Corp.)
Recovery Manager (HKLM-x32\...\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.0.7316 - CyberLink Corp.) Hidden
Roads of Rome 3 (HKLM-x32\...\WTA-65b9c69c-2ea4-422b-91d4-783777018fb7) (Version: 2.2.0.98 - WildTangent) Hidden
Search Provided by Yahoo (HKLM-x32\...\YahooProvidedSearch) (Version:  - )
Solitaire Mystery Four Seasons (HKLM-x32\...\WTA-12d9a028-b1b3-4fe7-9884-69ff477c76cf) (Version: 3.0.2.51 - WildTangent) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
Sparkle 2 (HKLM-x32\...\WTA-24a3010e-3dab-4578-98e9-5dc8e8e4c4cf) (Version: 3.0.2.51 - WildTangent) Hidden
Tales of Lagoona (HKLM-x32\...\WTA-d0910bc5-295a-4a38-988e-64ff1c7b98e1) (Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (HKLM-x32\...\{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App) (Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (HKLM-x32\...\WTA-210b88a8-7e25-43f6-9deb-d0dfdcf37dc4) (Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (HKLM-x32\...\WTA-d235326e-90f5-4a83-9f2b-6b1f800011e0) (Version: 3.0.2.48 - WildTangent) Hidden
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VS10Runtimex64 (HKLM\...\{82CD33B2-1DE6-4663-B6F0-1592B2376F78}) (Version: 1.0.0 - sourcefire) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (HKLM-x32\...\{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp) (Version: 4.0.11.2 - WildTangent) Hidden
Youda Jewel Shop (HKLM-x32\...\WTA-b2497b3b-255b-4720-bd85-64161910d504) (Version: 3.0.2.51 - WildTangent) Hidden

========================= Devices: ================================


========================= Memory info: ===================================

Percentage of memory in use: 40%
Total physical RAM: 4007.98 MB
Available physical RAM: 2386.05 MB
Total Virtual: 4407.98 MB
Available Virtual: 2862.24 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:450.23 GB) (Free:407.65 GB) NTFS
2 Drive d: (Recovery Image) (Fixed) (Total:14.05 GB) (Free:1.77 GB) NTFS

========================= Users: ========================================

User accounts for \\PCNAME

Administrator            Guest                    john                     

========================= Restore Points ==================================

12-04-2017 17:28:46 Windows Update
20-04-2017 15:53:23 Scheduled Checkpoint
01-05-2017 11:38:23 Scheduled Checkpoint

**** End of log ****
 

The Malwarebytes report is below.....

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 5/5/17
Scan Time: 1:48 PM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.75
Update Package Version: 1.0.1875
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: pcname\john

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 385936
Time Elapsed: 5 min, 59 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 52
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASAPI32, Delete-on-Reboot, [608], [389038],1.0.1875
PUP.Optional.ByteFence, HKLM\SOFTWARE\MICROSOFT\TRACING\ByteFence_RASMANCS, Delete-on-Reboot, [608], [389038],1.0.1875
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeperService_RASAPI32, Delete-on-Reboot, [817], [241577],1.0.1875
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeperService_RASMANCS, Delete-on-Reboot, [817], [241577],1.0.1875
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASAPI32, Delete-on-Reboot, [817], [241577],1.0.1875
PUP.Optional.PCKeeper, HKLM\SOFTWARE\MICROSOFT\TRACING\PCKeeper_RASMANCS, Delete-on-Reboot, [817], [241577],1.0.1875
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio-3_RASAPI32, Delete-on-Reboot, [9198], [255410],1.0.1875
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\NetRadio-3_RASMANCS, Delete-on-Reboot, [9198], [255410],1.0.1875
PUP.Optional.ProCleaningSoftware, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ProfessionalCleaningSoftware_RASAPI32, Delete-on-Reboot, [996], [255289],1.0.1875
PUP.Optional.ProCleaningSoftware, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\ProfessionalCleaningSoftware_RASMANCS, Delete-on-Reboot, [996], [255289],1.0.1875
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f, Delete-on-Reboot, [455], [336950],1.0.1875
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f, Delete-on-Reboot, [455], [336950],1.0.1875
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER, Delete-on-Reboot, [1326], [331708],1.0.1875
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0164A567-E25E-49B2-9CD8-9FE7ADA1313C}, Delete-on-Reboot, [9370], [258223],1.0.1875
PUP.Optional.ProCleaningSoftware, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1CB1CB34-AD1B-480F-BA76-47F023F81BF5}, Delete-on-Reboot, [996], [258232],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2BB3B6A7-2F03-4C7B-A4B5-68FD480B8034}, Delete-on-Reboot, [28], [304524],1.0.1875
PUP.Optional.Intermediate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7A95E79D-31C8-449D-B201-15B5A251CBDD}, Delete-on-Reboot, [15479], [260373],1.0.1875
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{99564F59-F050-4C5E-AC11-B246DF596D84}, Delete-on-Reboot, [338], [390928],1.0.1875
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A762F9C4-9E39-4390-A633-C6F9A383519A}, Delete-on-Reboot, [338], [390928],1.0.1875
PUP.Optional.ProCleaningSoftware, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F729B3B8-1321-4B34-B01D-ED5E5F28B480}, Delete-on-Reboot, [996], [258211],1.0.1875
PUP.Optional.CloudScout, HKLM\SOFTWARE\5da059a482fd494db3f252126fbc3d5b, Delete-on-Reboot, [10184], [246387],1.0.1875
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Delete-on-Reboot, [12645], [253915],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Delete-on-Reboot, [28], [260247],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{E1527582-8509-4011-B922-29E3FB548882}_is1, Delete-on-Reboot, [28], [260251],1.0.1875
PUP.Optional.CloudScout, HKLM\SOFTWARE\WOW6432NODE\5da059a482fd494db3f252126fbc3d5b, Delete-on-Reboot, [10184], [246387],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Delete-on-Reboot, [28], [260247],1.0.1875
PUP.Optional.FunFeedr, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\APPDATALOW\Sams.Browser, Delete-on-Reboot, [10902], [246756],1.0.1875
PUP.Optional.WinYahoo, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT, Delete-on-Reboot, [88], [262014],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\SYSTEM HEALER, Delete-on-Reboot, [944], [252826],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\DNSWAXHAW, Delete-on-Reboot, [28], [304523],1.0.1875
PUP.Optional.Intermediate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Intermediate, Delete-on-Reboot, [15479], [260374],1.0.1875
PUP.Optional.ProCleaningSoftware, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProfessionalCleaningSoftware_Popup, Delete-on-Reboot, [996], [255151],1.0.1875
PUP.Optional.ProCleaningSoftware, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\ProfessionalCleaningSoftware_Start, Delete-on-Reboot, [996], [255151],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{65d498e5}, Delete-on-Reboot, [28], [260250],1.0.1875
PUP.Optional.InstallCore, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\csastats, Delete-on-Reboot, [3], [260986],1.0.1875
PUP.Optional.FunFeedr, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\FunFeedr, Delete-on-Reboot, [10902], [246757],1.0.1875
PUP.Optional.ProCleaningSoftware, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\ProfessionalCleaningSoftwareLanguage, Delete-on-Reboot, [996], [255418],1.0.1875
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\WebDiscoverBrowser, Delete-on-Reboot, [12645], [253912],1.0.1875
PUP.Optional.WinYahoo, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\wincy, Delete-on-Reboot, [88], [186695],1.0.1875
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [260991],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-501\SOFTWARE\SYSTEM HEALER, Delete-on-Reboot, [944], [252826],1.0.1875
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [260991],1.0.1875
PUP.Optional.SearchManager, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [183362],1.0.1875
PUP.Optional.Conduit, HKU\S-1-5-21-2527154320-2874037395-2289402635-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [555], [236865],1.0.1875
PUP.Optional.Conduit, HKU\S-1-5-21-2527154320-2874037395-2289402635-501\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [555], [236865],1.0.1875
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [555], [236865],1.0.1875
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [555], [236865],1.0.1875
PUP.Optional.Conduit, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Delete-on-Reboot, [555], [236865],1.0.1875
PUP.Optional.TNT, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{15986C58-9272-4346-874A-717188B6EE87}, Delete-on-Reboot, [14975], [244085],1.0.1875
PUP.Optional.TNT, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC7EEB99-6F63-46EA-AA93-AFF224CA7517}, Delete-on-Reboot, [14975], [244085],1.0.1875
PUP.Optional.ProductSetup, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\PRODUCTSETUP, Delete-on-Reboot, [14721], [242047],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-500\SOFTWARE\SYSTEM HEALER, Delete-on-Reboot, [944], [252826],1.0.1875

Registry Value: 36
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\04262113-2a31-48e1-b4bb-3b42174bea0f|DESCRIPTION, Delete-on-Reboot, [455], [336950],1.0.1875
PUP.Optional.OneSystemCare, HKLM\SYSTEM\CURRENTCONTROLSET\CONTROL\POWER\USER\POWERSCHEMES\e24b7131-d039-43cb-9e6f-ad4be601ec1f|DESCRIPTION, Delete-on-Reboot, [455], [336950],1.0.1875
PUP.Optional.SpyHunter, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ESGSCANNER|IMAGEPATH, Delete-on-Reboot, [1326], [331708],1.0.1875
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{892164DB-81DD-46C3-BC62-AEF9AB52EB2E}|NameServer, Delete-on-Reboot, [6304], [260227],1.0.1875
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.EXE, Delete-on-Reboot, [9198], [256972],1.0.1875
PUP.Optional.NetRadio, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.VSHOST.EXE, Delete-on-Reboot, [9198], [256973],1.0.1875
PUP.Optional.UpdateAdmin, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{0164A567-E25E-49B2-9CD8-9FE7ADA1313C}|PATH, Delete-on-Reboot, [9370], [258223],1.0.1875
PUP.Optional.ProCleaningSoftware, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{1CB1CB34-AD1B-480F-BA76-47F023F81BF5}|PATH, Delete-on-Reboot, [996], [258232],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{2BB3B6A7-2F03-4C7B-A4B5-68FD480B8034}|PATH, Delete-on-Reboot, [28], [304524],1.0.1875
PUP.Optional.Intermediate, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{7A95E79D-31C8-449D-B201-15B5A251CBDD}|PATH, Delete-on-Reboot, [15479], [260373],1.0.1875
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{99564F59-F050-4C5E-AC11-B246DF596D84}|PATH, Delete-on-Reboot, [338], [390928],1.0.1875
PUP.Optional.ProPCCleaner, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{A762F9C4-9E39-4390-A633-C6F9A383519A}|PATH, Delete-on-Reboot, [338], [390928],1.0.1875
PUP.Optional.ProCleaningSoftware, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{F729B3B8-1321-4B34-B01D-ED5E5F28B480}|PATH, Delete-on-Reboot, [996], [258211],1.0.1875
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.EXE, Delete-on-Reboot, [9198], [256972],1.0.1875
PUP.Optional.NetRadio, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN\FEATURECONTROL\FEATURE_BROWSER_EMULATION|NETRADIO.VSHOST.EXE, Delete-on-Reboot, [9198], [256973],1.0.1875
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{83A25E2E-A429-4315-958B-B89A7395106F}|NAMESERVER, Delete-on-Reboot, [6304], [260227],1.0.1875
Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{F5A3272E-1F3B-4430-A81D-5BFF9F094389}|NAMESERVER, Delete-on-Reboot, [6304], [260227],1.0.1875
PUP.Optional.WinYahoo, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\BFREPORT|FILENAME, Delete-on-Reboot, [88], [262014],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\SYSTEM HEALER|HOMEPAGE, Delete-on-Reboot, [944], [252826],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\SYSTEM HEALER|CARTURL, Delete-on-Reboot, [944], [261796],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\SYSTEM HEALER|SUPPORTPAGE, Delete-on-Reboot, [944], [252826],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{65d498e5}|1, Delete-on-Reboot, [28], [260250],1.0.1875
PUP.Optional.PCKeeper, HKU\S-1-5-21-2527154320-2874037395-2289402635-501\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|PCKEEPER2, Delete-on-Reboot, [817], [241575],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-501\SOFTWARE\SYSTEM HEALER|HOMEPAGE, Delete-on-Reboot, [944], [252826],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-501\SOFTWARE\SYSTEM HEALER|CARTURL, Delete-on-Reboot, [944], [261796],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-501\SOFTWARE\SYSTEM HEALER|SUPPORTPAGE, Delete-on-Reboot, [944], [252826],1.0.1875
PUP.Optional.Conduit, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Delete-on-Reboot, [555], [236865],1.0.1875
PUP.Optional.Conduit, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Delete-on-Reboot, [555], [236865],1.0.1875
PUP.Optional.TNT, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{15986C58-9272-4346-874A-717188B6EE87}|OSDFILEURL, Delete-on-Reboot, [14975], [244085],1.0.1875
PUP.Optional.TNT, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{15986C58-9272-4346-874A-717188B6EE87}|FAVICONURL, Delete-on-Reboot, [14975], [244085],1.0.1875
PUP.Optional.FindWide, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{15986C58-9272-4346-874A-717188B6EE87}|URL, Delete-on-Reboot, [8625], [238383],1.0.1875
PUP.Optional.TNT, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{DC7EEB99-6F63-46EA-AA93-AFF224CA7517}|OSDFILEURL, Delete-on-Reboot, [14975], [244085],1.0.1875
PUP.Optional.ProductSetup, HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\SOFTWARE\PRODUCTSETUP|TB, Delete-on-Reboot, [14721], [242047],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-500\SOFTWARE\SYSTEM HEALER|HOMEPAGE, Delete-on-Reboot, [944], [252826],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-500\SOFTWARE\SYSTEM HEALER|CARTURL, Delete-on-Reboot, [944], [261796],1.0.1875
PUP.Optional.SystemHealer, HKU\S-1-5-21-2527154320-2874037395-2289402635-500\SOFTWARE\SYSTEM HEALER|SUPPORTPAGE, Delete-on-Reboot, [944], [252826],1.0.1875

Registry Data: 8
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{83A25E2E-A429-4315-958B-B89A7395106F}|NameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{83A25E2E-A429-4315-958B-B89A7395106F}|DhcpNameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{8718928D-CBEB-45EA-A621-800A9249001D}|NameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{892164DB-81DD-46C3-BC62-AEF9AB52EB2E}|NameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{892164DB-81DD-46C3-BC62-AEF9AB52EB2E}|DhcpNameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{F5A3272E-1F3B-4430-A81D-5BFF9F094389}|NameServer, Replace-on-Reboot, [28], [-1],0.0.0
PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{F5A3272E-1F3B-4430-A81D-5BFF9F094389}|DhcpNameServer, Replace-on-Reboot, [28], [-1],0.0.0

Data Stream: 0
(No malicious items detected)

Folder: 203
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\9c5648c7-73d7-1, Delete-on-Reboot, [28], [182288],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\9c5648c7-74c3-0, Delete-on-Reboot, [28], [182288],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\9c5648c7-7803-0, Delete-on-Reboot, [28], [182288],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\9c5648c7-7951-0, Delete-on-Reboot, [28], [182288],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\9c5648c7-79e3-0, Delete-on-Reboot, [28], [182288],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\f06f5163-0ca5-0, Delete-on-Reboot, [28], [182288],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\f06f5163-4737-1, Delete-on-Reboot, [28], [182288],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{00c1d248-012c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{01243586-212c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{0189a60e-512c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{01f308a5-112c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{0320242f-612c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{0355a511-512c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{0592c5f2-412c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{06227186-612c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{06c15862-412c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{08703951-412c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{0c2e2fd4-512c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{0e896e53-112c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{12486dc5-212c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{12db06fd-312c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{14352c38-612c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{1578331b-512c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{188b6e8b-712c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{1a10e78a-412c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{1b844977-712c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{1e9728c1-412c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{21c84d00-412c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{24ad7949-012c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{26505444-012c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{26505eed-512c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{2831f7b1-112c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{372646f7-612c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{3a176d4a-212c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{3bee242c-112c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{3ef273f9-312c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{403c14ce-512c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{45a070fb-112c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{46b7202d-112c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{4f3e6531-312c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{4fc46553-612c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{5a03642a-212c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{5a4d6d20-612c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{6d6920eb-212c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{6f491f60-512c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{6f873357-012c-0}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{715e0e6b-512c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{75fb4380-112c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\PROGRAMDATA\{7d0d0263-612c-1}, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.CompuClever, C:\Users\john\AppData\Roaming\CompuClever\PC TuneUp Maestro, Delete-on-Reboot, [1254], [331478],1.0.1875
PUP.Optional.CompuClever, C:\USERS\JOHN\APPDATA\ROAMING\CompuClever, Delete-on-Reboot, [1254], [331478],1.0.1875
PUP.Optional.Genius, C:\USERS\JOHN\APPDATA\ROAMING\GeniusCache, Delete-on-Reboot, [2266], [343605],1.0.1875
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\locales, Delete-on-Reboot, [968], [348279],1.0.1875
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2, Delete-on-Reboot, [968], [348279],1.0.1875
PUP.Optional.Webbar, C:\PROGRAM FILES\WebDiscoverBrowser, Delete-on-Reboot, [968], [348279],1.0.1875
PUP.Optional.CompuClever, C:\PROGRAM FILES (X86)\CompuClever, Delete-on-Reboot, [1254], [331477],1.0.1875
PUP.Optional.SystemHealer, C:\PROGRAM FILES (X86)\SystemHealer, Delete-on-Reboot, [944], [182463],1.0.1875
PUP.Optional.FunFeedr, C:\USERS\JOHN\APPDATA\LOCAL\ext_funfeedr, Delete-on-Reboot, [10902], [180896],1.0.1875
PUP.Optional.ProCleaningSoftware, C:\Users\john\AppData\Local\Professional_Cleaning_Sof\ProfessionalCleaningSoftw_Url_aplhg0xb1tqute0uwygrzpiqcmhge0yw\3.0.7.0, Delete-on-Reboot, [996], [181675],1.0.1875
PUP.Optional.ProCleaningSoftware, C:\Users\john\AppData\Local\Professional_Cleaning_Sof\ProfessionalCleaningSoftw_Url_aplhg0xb1tqute0uwygrzpiqcmhge0yw, Delete-on-Reboot, [996], [181675],1.0.1875
PUP.Optional.ProCleaningSoftware, C:\USERS\JOHN\APPDATA\LOCAL\Professional_Cleaning_Sof, Delete-on-Reboot, [996], [181675],1.0.1875
PUP.Optional.WebDiscoverBrowser, C:\Users\john\AppData\Local\WebDiscoverBrowser\User Data, Delete-on-Reboot, [12645], [181497],1.0.1875
PUP.Optional.WebDiscoverBrowser, C:\USERS\JOHN\APPDATA\LOCAL\WebDiscoverBrowser, Delete-on-Reboot, [12645], [181497],1.0.1875
PUP.Optional.ScreenSnapshot, C:\USERS\PUBLIC\DOCUMENTS\GUID\COMMON\I18N\IPCSUPDATECACHE\SCREENSNAPSHOT, Delete-on-Reboot, [12695], [182049],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\external, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\external, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\fonts, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\_metadata, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\USERS\JOHN\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.RegHunter, C:\Program Files\Enigma Software Group\RegHunter\Downloads, Delete-on-Reboot, [925], [331714],1.0.1875
PUP.Optional.RegHunter, C:\Program Files\Enigma Software Group\RegHunter\Rollback, Delete-on-Reboot, [925], [331714],1.0.1875
PUP.Optional.RegHunter, C:\Program Files\Enigma Software Group\RegHunter\Log, Delete-on-Reboot, [925], [331714],1.0.1875
PUP.Optional.RegHunter, C:\PROGRAM FILES\ENIGMA SOFTWARE GROUP\REGHUNTER, Delete-on-Reboot, [925], [331714],1.0.1875
Adware.Agent.Generic, C:\PROGRAMDATA\{D8BCFD67-6F17-4ACC-C99D-0130A2F46FFC}, Delete-on-Reboot, [1358], [331038],1.0.1875
PUP.Optional.Intermediate, C:\USERS\JOHN\APPDATA\ROAMING\INTERMEDIATE, Delete-on-Reboot, [15479], [259325],1.0.1875
PUP.Optional.Genius, C:\USERS\JOHN\APPDATA\ROAMING\GENIUS, Delete-on-Reboot, [2266], [247127],1.0.1875
Adware.Agent.Generic, C:\PROGRAMDATA\{73C44DBA-C46F-FA11-6FC1-0CC31BC53068}, Delete-on-Reboot, [1358], [331038],1.0.1875
PUP.Optional.PCProCleaner, C:\USERS\JOHN\APPDATA\ROAMING\UPDATES, Delete-on-Reboot, [8282], [246034],1.0.1875
PUP.Optional.ScreenSnapShotTool, C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\ScreenSnapshotTool\dump, Delete-on-Reboot, [224], [245712],1.0.1875
PUP.Optional.ScreenSnapShotTool, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\SCREENSNAPSHOTTOOL, Delete-on-Reboot, [224], [245712],1.0.1875
Adware.Agent.Generic, C:\PROGRAMDATA\{393564EE-8E9E-D345-E1D9-3DAFA35DE3BB}, Delete-on-Reboot, [1358], [331038],1.0.1875
PUP.Optional.WinYahoo, C:\Users\john\AppData\Local\{51DF6783-7577-0B3B-18EF-2ED33C87D24B}\HowToRemove, Delete-on-Reboot, [88], [257311],1.0.1875
PUP.Optional.WinYahoo, C:\USERS\JOHN\APPDATA\LOCAL\{51DF6783-7577-0B3B-18EF-2ED33C87D24B}, Delete-on-Reboot, [88], [257311],1.0.1875
PUP.Optional.WinYahoo, C:\Users\john\AppData\Local\{BBA18DFD-9F09-E145-F291-C4ADD6F93835}\HowToRemove, Delete-on-Reboot, [88], [302717],1.0.1875
PUP.Optional.WinYahoo, C:\USERS\JOHN\APPDATA\LOCAL\{BBA18DFD-9F09-E145-F291-C4ADD6F93835}, Delete-on-Reboot, [88], [302717],1.0.1875
PUP.Optional.ProCleaningSoftware, C:\USERS\JOHN\DOCUMENTS\PROFESSIONALCLEANINGSOFTWARE, Delete-on-Reboot, [996], [255146],1.0.1875
PUP.Optional.ProPCCleaner, C:\WINDOWS\INSTALLER\{4B2F04ED-2402-4B78-B0A6-294A38B32753}, Delete-on-Reboot, [338], [242059],1.0.1875
PUP.Optional.UpdateAdmin, C:\WINDOWS\INSTALLER\{07B4B423-E4DA-47D1-8327-B589EB4BEB58}, Delete-on-Reboot, [9370], [244349],1.0.1875

File: 178
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\9c5648c7-48a7-1\9c5648c7-48a7-1.d, Delete-on-Reboot, [28], [182288],1.0.1875
PUP.Optional.MultiPlug, C:\PROGRAMDATA\65D498E5\5FA3E8A1.DLL, Delete-on-Reboot, [263], [96608],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\{3a176d4a-212c-0}\BIT2A6A.tmp, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.DNSUnlocker.ACMB2, C:\ProgramData\{4fc46553-612c-1}\BIT20A5.tmp, Delete-on-Reboot, [28], [182289],1.0.1875
PUP.Optional.CompuClever, C:\Users\john\AppData\Roaming\CompuClever\PC TuneUp Maestro\ignorelist.xml, Delete-on-Reboot, [1254], [331478],1.0.1875
PUP.Optional.CompuClever, C:\Users\john\AppData\Roaming\CompuClever\PC TuneUp Maestro\tuneup_cfg.dll, Delete-on-Reboot, [1254], [331478],1.0.1875
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\locales\en-US.pak, Delete-on-Reboot, [968], [348279],1.0.1875
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome.dll, Delete-on-Reboot, [968], [348279],1.0.1875
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome.exe, Delete-on-Reboot, [968], [348279],1.0.1875
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome_100_percent.pak, Delete-on-Reboot, [968], [348279],1.0.1875
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\chrome_elf.dll, Delete-on-Reboot, [968], [348279],1.0.1875
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\icudtl.dat, Delete-on-Reboot, [968], [348279],1.0.1875
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\isa.dll, Delete-on-Reboot, [968], [348279],1.0.1875
PUP.Optional.Webbar, C:\Program Files\WebDiscoverBrowser\1.259.2\resources.pak, Delete-on-Reboot, [968], [348279],1.0.1875
PUP.Optional.SystemHealer, C:\Program Files (x86)\SystemHealer\trz8C38.tmp, Delete-on-Reboot, [944], [182463],1.0.1875
PUP.Optional.FunFeedr, C:\Users\john\AppData\Local\ext_funfeedr\ext_funfeedr.dll, Delete-on-Reboot, [10902], [180896],1.0.1875
PUP.Optional.ProCleaningSoftware, C:\Users\john\AppData\Local\Professional_Cleaning_Sof\ProfessionalCleaningSoftw_Url_aplhg0xb1tqute0uwygrzpiqcmhge0yw\3.0.7.0\user.config, Delete-on-Reboot, [996], [181675],1.0.1875
PUP.Optional.ScreenSnapshot, C:\Users\Public\Documents\Guid\Common\I18N\IPCSUpdateCache\ScreenSnapshot\2936295657717472, Delete-on-Reboot, [12695], [182049],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome\common.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome\lifecycle.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome\settings.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome\setup.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\chrome\utils.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\abtest.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\conf-sys.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\conf.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\nt_ptr.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\prefs-sys.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\prefs.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\settings-dev.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\common\udata.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\external\jquery-2.1.1.min.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\external\md5.min.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\external\string.min.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\external\underscore-min.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\AutoSuggest.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\contentscript.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\newtab-base.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\search-engines.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\search-form.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\search\search-redirect.js, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\background.html, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\favicon.ico, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\content\newtab.html, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css\newtab.css, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css\search.css, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css\search2.css, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css\styles.css, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\css\white_bg.css, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\external\normalize.css, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\fonts\HelveticaNeue-Thin.otf, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\fonts\neue-bold.woff, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\fonts\neue.woff, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\01d.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\01n.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\02d.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\02n.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\03d.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\03n.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\04d.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\04n.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\09d.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\09n.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\10d.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\10n.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\11d.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\11n.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\13d.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\13n.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\50d.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\weather\50n.svg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\128.png, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\16.png, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\48.png, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\icons\close.png, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\bg.jpg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\bing.png, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\bluesky-bg.jpg, Delete-on-Reboot, [503], [331417],1.0.1875
PUP.Optional.SearchManager, C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.6.92_0\skin\images\brush.png, Delete-on-Reboot, [503], [331417],1.0.1875

Physical Sector: 0
(No malicious items detected)


(end)

 

The Eset Log is below....

C:\AdwCleaner\Quarantine\C\ProgramData\Kromtech\installer.exe.vir    a variant of Win32/Adware.PCKeeper.A application    
C:\AdwCleaner\Quarantine\C\WINDOWS\SysWOW64\pmls.dll.vir    a variant of Win32/Adware.RK.AM application    
 

Thank-you for your help,

 

John



#4 iMacg3


Posted 05 May 2017 - 02:04 PM

Any improvements with your computer?

 

Download Rkill from one of the three links below. (Use the one that runs on your PC without being blocked.)

Link 1

Link 2

Link 3

 

  1. Double-click on the file you downloaded (either rkill.exe, iExplore.exe, or rkill.com) to launch Rkill.

  2. If a black box appears, the program is running correctly. If nothing happens, then try another link.

  3. Let the scan complete, then paste the contents of the text file that pops up at the end into a post.

  4. Important: Do not restart your computer once the scan is done!

 

 

 

Download FSS (Farbar Service Scanner) and save it to your desktop.

 

1. Right-click the program file and select Run as Administrator.

2. Make sure the following options are selected:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender
  • Other Services

3. Click Scan and wait until the scan is complete.

 

A logfile called FSS.txt will be on your desktop.

Paste the contents into a post.

 

 

Download SecurityCheck by screen317.

 

  1. Click on the downloaded file and follow the instructions in the box on the screen.

  2. Paste the log file contents into a post.

  3. Important: If you get an error message, please restart your computer and try again.

 

 

Download Junkware Removal Tool and save it to your desktop.

  1. Double-click on the JRT.exe file on your desktop.

  2. Let JRT scan your computer and remove any infections.

  3. On your desktop, there will be a logfile called JRT.txt. Paste its contents into a post.

 

 

Download AdwCleaner and save it to your desktop.

  1. Click on the file you downloaded.

  2. Click Scan to start AdwCleaner's scanning process.

  3. Once done, make sure to delete all found threats.

  4. Open the “Logfile” and paste its contents into a post.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#5 johncoins


Posted 05 May 2017 - 03:11 PM

I think this is helping... The Rkill is below..

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2017 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 05/05/2017 03:16:32 PM in x64 mode.
Windows Version: Windows 8.1 Connected

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * AppMgmt [Missing Service]
 * PeerDistSvc [Missing Service]
 * CscService [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:


  20 out of 15494 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 05/05/2017 03:20:46 PM
Execution time: 0 hours(s), 4 minute(s), and 13 seconds(s)
 

FSS scan is below...

Farbar Service Scanner Version: 27-01-2016
Ran by john (administrator) on 05-05-2017 at 15:24:48
Running from "C:\Users\john\Downloads"
Microsoft Windows 8.1 with Bing  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv: "C:\WINDOWS\system32\wuaueng.dll".


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****

 

Security Check file is below..

 Results of screen317's Security Check version 1.014 --- 12/23/15  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
Malwarebytes       
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Adobe Flash Player     25.0.0.148  
 Mozilla Firefox (53.0)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamtray.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

Junkware removal log is below..

 

Checking for update
 ================================================================
 [                                                              ]
 [         Junkware Removal Tool (JRT) by Malwarebytes          ]
 [                  Version 8.1.3 (04.10.2017)                  ]
 [         Information about this tool can be found at          ]
 [                     www.malwarebytes.com                     ]
 [                                                              ]
 [           This software is free to download and use          ]
 [                                                              ]
 [      Please save any unsaved work before proceeding as       ]
 [  the program will terminate most applications during cleanup ]
 [                                                              ]
 [                                                              ]
 [                       ** DISCLAIMER **                       ]
 [                                                              ]
 [           This software is provided "as is" without          ]
 [        warranty of any kind. You may use this software       ]
 [                       at your own risk.                      ]
 [                                                              ]
 [     Click the [X] in the top-right corner of this window     ]
 [                if you wish to exit. Otherwise,               ]
 ================================================================

Press any key to continue . . .

Requesting restore point... SUCCESS
Validating restore point... SUCCESS
(*       )  Processes
(**      )  Startup - Logon
(***     )  Startup - Scheduled Tasks
(****    )  Services
(*****   )  File System
(******  )  Browsers
(******* )  Shortcuts
(********)  Preparing Report

JRT has successfully been run. Please review the report in JRT.txt.
 

 

I ran AdwCleaner and it found 58 threats, but the program stopped working during the removal process. I tried it twice with the same result. When I downloaded AdwCleaner from the link you posted and ran it, it said it was outdated and directed me to the site for a newer copy.

 

I'll try again to run it and post the results.

 

Thank-you for your time

 

John



#6 johncoins


Posted 05 May 2017 - 03:24 PM

I ran AdwCleaner again; it found 20 threats and this time it ran all the way through. The log is below.

# AdwCleaner v6.045 - Logfile created 05/05/2017 at 16:15:35
# Updated on 28/03/2017 by Malwarebytes
# Database : 2017-05-04.2 [Local]
# Operating System : Windows 8.1 Connected  (X64)
# Username : john - PCNAME
# Running from : C:\Users\john\Downloads\AdwCleaner(1).exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****



***** [ Folders ] *****



***** [ Files ] *****



***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}
[-] Value deleted: HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Pokki]
[-] Value deleted: HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [UpdateAdmin]
[-] Value deleted: [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [vProt]
[-] Value deleted: HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [WebDiscoverBrowser]
[-] Value deleted: HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Web Companion]
[-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION [WeatherBug.exe]
[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe


***** [ Web browsers ] *****

[-] Firefox preferences cleaned: "browser.search.defaultenginename" -  "Yahoo! Powered"
[-] Firefox preferences cleaned: "browser.search.defaultenginename.US" -  "Yahoo! Powered"
[-] Firefox preferences cleaned: "browser.search.defaulturl" -  "hxxps://search.yahoo.com/yhs/search"
[-] Firefox preferences cleaned: "browser.search.selectedEngine" -  "Yahoo! Powered"
[-] Firefox preferences cleaned: "ff.pingUrl" -  "hxxp://api.funfeedr.com/ping.php?ch=ffai"
[-] [C:\Users\john\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: yahoo! powered
[-] [C:\Users\john\AppData\Local\Chromium\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
[-] [C:\Users\john\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://us.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wncy_instlmtrx_16_24_ssg01&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1QzuyCtDtDtBzytBtC0B0CtAtByCtD0FyByDtN0D0Tzu0StCyCtByCtN1L2XzutAtFtBtBtFtAtFzztN1L1Czu1ByEtN1L1G1B1V1N2Y1L1Qzu2StByBtCtCtD0BzztDtGyD0Dzz0FtG0A0Ezy0FtGyDtCyEyBtG0AyDtByEyDzz0ByDyE0D0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0B0AzyzzzzyE0CtBtG0DyCtCtCtGyEyEyByCtGzytBtB0DtG0C0FyDtDzy0EyD0B0CtC0DyD2QtN0A0LzutB%26cr%3D924278770%26a%3Dwncy_instlmtrx_16_24_ssg01%26os_ver%3D6.3%26os%3DWindows%2B8.1%2BConnected&uref=chmm
[-] [C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\john\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\john\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [5926 Bytes] - [24/11/2015 14:15:33]
C:\AdwCleaner\AdwCleaner[C2].txt - [3618 Bytes] - [05/05/2017 16:15:35]
C:\AdwCleaner\AdwCleaner[S1].txt - [5508 Bytes] - [24/11/2015 14:09:34]
C:\AdwCleaner\AdwCleaner[S2].txt - [6429 Bytes] - [05/05/2017 15:53:12]
C:\AdwCleaner\AdwCleaner[S3].txt - [3912 Bytes] - [05/05/2017 16:15:08]

########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3910 Bytes] ##########

Thank-you for your time

 

John



#7 iMacg3


Posted 05 May 2017 - 05:18 PM

Please post the JRT log that's on your desktop. The log is called JRT.txt, not JRT.exe.

How is your computer doing?

What OS are you running?


Edited by iMacg3, 05 May 2017 - 05:20 PM.

Regards, iMacg3


#8 johncoins


Posted 09 May 2017 - 02:09 PM

Sorry for the delay, I just got back from the weekend.

 

I really appreciate your help in trying to square away my computer. The JRT log is posted below.

 

Thank-you again for your time

 

John

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8.1 Connected x64 
Ran by john (Administrator) on Fri 05/05/2017 at 15:31:00.66
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 8 

Successfully deleted: C:\ProgramData\65d498e5 (Folder) 
Successfully deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\pc app store.lnk (Shortcut) 
Successfully deleted: C:\Users\john\Appdata\LocalLow\weatherblinkei (Folder) 
Successfully deleted: C:\Users\john\AppData\Roaming\nico mak computing (Folder) 
Successfully deleted: C:\Users\john\Start Menu\Programs\pc app store.lnk (Shortcut) 
Successfully deleted: C:\users\Public\Documents\guid (Folder) 
Successfully deleted: C:\WINDOWS\wininit.ini (File) 
Successfully deleted: C:\Program Files (x86)\pro pc cleaner (Folder) 



Registry: 4 

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4889B31A-E909-4BD5-AA1B-F441F5C2A4C7} (Registry Value) 
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AC89D509-8BCD-4090-9741-3C25CC3A8C9F} (Registry Key)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{AC89D509-8BCD-4090-9741-3C25CC3A8C9F} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 05/05/2017 at 15:36:00.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#9 iMacg3


Posted 09 May 2017 - 04:23 PM

Any improvement?

 

  1. Download Hitman Pro and save it to your desktop. (32 bit) (64 bit)
  2. Double-click on the Hitman Pro EXE file on your desktop.
  3. Once it's open, click Settings, then uncheck Scan for Tracking Cookies.
  4. Click OK, then click Next.
  5. Select No, I only want to perform a one time scan, then click Next.
  6. HitmanPro will start scanning your system. Once done scanning, HitmanPro will display a screen with any threats found. Important: Click on the drop-down tab next to the infection name and then click Apply to All > Ignore. If not, you could cause damage to your operating system! Make sure you choose to Ignore the files and then click Next. You will be at the results window. Click "Save Log" and save it to your desktop. Paste its contents into a post.

 

 

Download Malwarebytes Anti-Rootkit and save it to your desktop.

  1. Double-click on the .EXE file that you downloaded and follow the extracting prompt.

  2. Find the MBAR folder and launch the executable in the folder.

  3. Select the option to Update the virus definitions.

  4. Once done updating, MBAR will scan your computer.

  5. When complete, please click Cleanup to remove the threats. Do NOT click inside the window when MBAR is doing the cleanup process.

  6. When finished, restart the PC.

  7. Post these logs in a forum post, which are inside the MBAR folder: mbar-log(date) and system-log.txt.


Edited by iMacg3, 09 May 2017 - 04:28 PM.

Regards, iMacg3


#10 johncoins


Posted 11 May 2017 - 02:28 PM

Sorry it took so long for me to get back to you... The computer seems to be running better...

 

I got the scan results in reverse... the Malwarebytes scan result is below... it said no infections found

 


Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org

Database version:
  main:    v2017.05.11.06
  rootkit: v2017.04.02.01

Windows 8.1 x64 NTFS
Internet Explorer 11.0.9600.18666
john :: PCNAME [administrator]

5/11/2017 2:49:09 PM
mbar-log-2017-05-11 (14-49-09).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 335969
Time elapsed: 23 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

The Hitman Pro scan is listed below; it found some stuff...

HitmanPro 3.7.18.284
www.hitmanpro.com

   Computer name . . . . : PCNAME
   Windows . . . . . . . : 6.3.0.9600.X64/2
   User name . . . . . . : pcname\john
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free

   Scan date . . . . . . : 2017-05-11 15:13:22
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 6m 16s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 8

   Objects scanned . . . : 2,246,076
   Files scanned . . . . : 55,049
   Remnants scanned  . . : 523,665 files / 1,667,362 keys

Suspicious files ____________________________________________________________

   C:\Users\john\Downloads\7zip.exe
      Size . . . . . . . : 1,200,163 bytes
      Age  . . . . . . . : 624.1 days (2015-08-26 13:57:52)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 7C0281A82F92299B8E351EC031ADC5C409B2FF2247C915F0AC1868D213BE6B90
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 22.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.


Potential Unwanted Programs _________________________________________________

   HKLM\SOFTWARE\Classes\Applications\WeatherBugStub.exe\ (WeatherBug)
   HKLM\SOFTWARE\Classes\Interface\{A93C7559-671D-47B2-BA26-4C65B4529C54}\ (MindSpark)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ (CouponBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{1B9604EE-B104-45C8-8551-5F63BA631E23}\ (WeatherBug)
   HKU\S-1-5-21-2527154320-2874037395-2289402635-1001\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}\ (SaleCharger)
 

Thank you for your time

 

John



#11 iMacg3

Posted 11 May 2017 - 02:30 PM

Rerun Hitman Pro and remove everything.

Any more Infected popups?


Regards, iMacg3

#12 johncoins

Posted 11 May 2017 - 02:53 PM

Thank you for all of your help, the computer seems to run better and faster. Those malicious pop-ups saying that the computer is infected haven't come up since we started running the different programs...

 

Again, thank you for your time and for all of your help...

 

John



#13 iMacg3

Posted 12 May 2017 - 09:06 PM

Download Xplode Delfix and save it to your desktop.

 

  1. Run the Delfix file you downloaded.

  2. Make sure that Remove disinfection tools is selected and that nothing else is checked. This will remove all the tools we used to clean up the malware.

  3. Click OK and paste the log file for Delfix into a post. Delete Delfix from your computer.

  4. Once finished running Delfix, your computer should be clean.


Regards, iMacg3

#14 johncoins

Posted 15 May 2017 - 03:08 PM

The Delfix log is posted below...

# DelFix v1.010 - Logfile created 15/05/2017 at 16:05:57
# Updated 26/04/2015 by Xplode
# Username : john - PCNAME
# Operating System : Windows 8.1 Connected  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\AdwCleaner
Deleted : C:\Users\john\Desktop\mbar
Deleted : C:\Users\john\Desktop\JRT.txt
Deleted : C:\Users\john\Desktop\Rkill.txt
Deleted : C:\Users\john\Downloads\AdwCleaner(1).exe
Deleted : C:\Users\john\Downloads\AdwCleaner.exe
Deleted : C:\Users\john\Downloads\adwcleaner_6.046.exe
Deleted : C:\Users\john\Downloads\FSS.exe
Deleted : C:\Users\john\Downloads\FSS.txt
Deleted : C:\Users\john\Downloads\JRT.exe
Deleted : C:\Users\john\Downloads\HijackThis (1).exe
Deleted : C:\Users\john\Downloads\hijackthis.log
Deleted : C:\Users\john\Downloads\MiniToolBox.exe
Deleted : C:\Users\john\Downloads\rkill.exe
Deleted : C:\Users\john\Downloads\SecurityCheck.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

########## - EOF - ##########

Thank you for your time and all of your help...

 

John



#15 iMacg3

Posted 15 May 2017 - 05:01 PM

Is your computer 100% back to normal?


Regards, iMacg3



